[…] code hosted on the polyfill domain had been changed to redirect users to adult- and gambling-themed websites.
I wonder if the intent was to actually send users to these sites, or to generate bogus clicks on ad links.
Seems like a lot of effort to go through just to drive a little extra traffic to some random porn sites.
Cloudflare’s (pretty good IMO) response was pretty indicative of how bad this was. It sounded a lot to me (without that low level of familiarity of exactly everything they offer) like they specifically built some new tooling just to handle this issue at scale. They definitely said that changing links on pages (without an opt in for free users, who generally are less advanced/serious) is not something that they want to do, which is good, but I do think this specific scenario justified defaulting to enabled for customers who aren’t paying for the service.
This is the best summary I could come up with:
]com, was a legitimate open source project that allowed older browsers to handle advanced functions that weren’t natively supported.
On June 25, researchers from security firm Sansec reported that code hosted on the polyfill domain had been changed to redirect users to adult- and gambling-themed websites.
Even then, content delivery networks such as Cloudflare began automatically replacing pollyfill links with domains leading to safe mirror sites.
The findings underscore the power of supply-chain attacks, which can spread malware to thousands or millions of people simply by infecting a common source they all rely on.
“Since the domain was suspended, the supply-chain attack has been halted,” Aidan Holland, a member of the Censys Research Team, wrote in an email.
What’s more, the Internet scan performed by Censys found more than 1.6 million sites linking to one or more domains that were registered by the same entity that owns polyfill[.]io.
The original article contains 645 words, the summary contains 148 words. Saved 77%. I’m a bot and I’m open source!
